Rapid7 – Page 2 – WindowsTechs.com

Bug Left Some Windows PCs Dangerously Unpatched

Posted on September 10, 2024 by BrianKrebs

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year. Continue reading Bug Left Some Windows PCs Dangerously Unpatched→

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

Posted on September 10, 2024 by Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus co… Continue reading CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)→

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

Posted on September 6, 2024 by Zeljka Zorz

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an o… Continue reading Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)→

Infosec products of the month: August 2024

Posted on September 2, 2024 by Help Net Security

Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, Clutch Security, Contrast Security, Dragos, Elastic, Endor Labs, Entrust, Fortani… Continue reading Infosec products of the month: August 2024→

New infosec products of the week: August 9, 2024

Posted on August 9, 2024 by Anamarija Pogorelec

Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Rapid7 releases Command Platform, unified attack defense and res… Continue reading New infosec products of the week: August 9, 2024→

Ransomware operators continue to innovate

Posted on August 8, 2024 by Help Net Security

Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises, according to Rapid7. They market their services to prospective buyers, offer company insiders commissions in exchange… Continue reading Ransomware operators continue to innovate→

Rapid7 releases Command Platform, unified attack defense and response

Posted on August 5, 2024 by Industry News

Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud… Continue reading Rapid7 releases Command Platform, unified attack defense and response→

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Posted on June 25, 2024 by Zeljka Zorz

Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately … Continue reading Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)→

Patch Tuesday, June 2024 “Recall” Edition

Posted on June 11, 2024 by BrianKrebs

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default. Continue reading Patch Tuesday, June 2024 “Recall” Edition→

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Posted on May 31, 2024 by Zeljka Zorz

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. &#8… Continue reading Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)→